We care about our patients’privacy and strive to protect the confidentiality of your medical information at this practice.

New federal legislation requires that we issue this official notice of our privacy practices. You have the right to the confidentiality of your medical information, and this practice is required by law to maintain the privacy of that protected health information. This practice is required to abide by the terms of the Notice of Privacy Practices currently in effect, and to provide notice of its legal duties and privacy practices with respect to protected health information. lf you have any questions about this Notice, please cantact the Privacy Officer at this practice.

Who Will Follow This Notice
Any health care professional authorized to enter information into your medical record, all employees, staff and other personnel at this practice who may need access to your information must abide by this Notice.

All subsidiaries, business associates (e.g.a billing service), sites and locations of this practice may share medical information with each other for treatment, payment purposes or health care operations described in this Notice. Except where treatment is involved, only the minimum necessary information needed to accomplish the task will be shared.

How We May Use and Disclose Medical lnformation About You

HIPAA COMPLIANCE CALIFORNIA
HIPAA COMPLIANCE CALIFORNIA

The following categories describe different ways that we may use and disclose medical information without your specific consent or authorization.

Examples are provided for each category of uses or disclosures. Not every possible use or disclosure in a category is listed.

For Treatment.

We may use medical information about you to provide you with medical treatment or services.

Example: ln treating you for a specific condition, we may need to know if you have allergies that could influence which medications we prescribe for the treatment process.

For Payment.

We may use and disclose medical information about you so that the treatment and services you receive from us may be billed and payment may be collected from you, an insurance company or a third party.

Example:We may need to send your protected health information, such as your name, address, office visit date, and codes identifying your diagnosis and treatment to your insurance company for payment.

For Health Care Operations.

We may use and disclose medical information about you for health care operations to assure that you receive quality care. Example:We may use medical inlormation to review our treatment and services and evaluate the pedormance of our staff in caring for you.

Other Uses or Disclosures That Can Be Made Without Consent or Authorization

. As required during an investigation by law enforcement agencies
. To avert a serious threat to public health or safety
. As required by military command authorities for their medical records
. To workers’ compensation or similar programs for processing of claims
. ln response to a legal proceeding
. To a coroner or medical examiner for identification of a body
. lf an inmate, to the correctional institution or law enforcement official
. As required by the US Food and Drug Administration (FDA)
. Other healthcare providers’ treatment activities
. Other covered entities’ and providers’ payment activities
. Other covered entities’healthcare operations activities (to the extent permitted under HIPAA)
. Uses and disclosures required by law
. Uses and disclosures in domestic violence or neglect situations
. Health oversight activities
. Other public health activities

Other uses and disclosures of medical information not covered by this Notice or the laws that apply to us will be made only with your written authorization. lf you give us authorization to use or disclose medical information about you, you may revoke that authorization, in writing, at any time. lf you revoke your authorization, we will thereafter no longer use or disclose medical information about you for the reasons covered by your written authorization. You understand that we are unable to take back any disclosures we have already made with your authorization, and that we are required to
retain our records of the care we have provided you.

Your individual Rights Regarding Your Medical lnformation Complaints.

lf you believe your privacy rights have been violated, you may file a complaint with the Privacy Officer at this practice or with the Secretary of the Department of Health and Human Services. All complaints must be submitted in writing.

You will not be penalized or discriminated against for filing a complaint.

Right to Request Restrictions.

You have the right to request a restriction or limitation on the medical information weuse or disclose about you for treatment, payment or health care operations or to someone who is involved in your care or the payment for your care. We are not required to agree to your request. lf we do agree, we will comply with your request unless the information is needed to provide you with emergency treatment.

To request restrictions, you must submit your request in writing to the Privacy Officer at this practice. ln your request, you must tell us what information
you want to limit.

Right to Request Confidential Communications.

You have the right to request how we should send communications to you about medical matters, and where you would like those communications sent. To request confidential communications, you must make your request to the Privacy Officer at this practice. We will not ask you the reason for your request.

We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted. We reserve the right to deny a request if it imposes an unreasonable burden on the practice.

Right to lnspect and Copy.

You have the right to inspect and copy medical information that may be used to make decisions about your care. Usually this includes medical and billing records but does not include psychotherapy notes, information compiled for use in a civil, criminal, or administrative action or proceeding, and protected health information to which access is prohibited by law. To inspect and copy medical information that may be used to make decisions about you, you must submit your request in writing to the Privacy Officer at this practice. lf you request a copy of the information, we reserve the right to charge a fee for the costs of copying, mailing or other supplies associated with your request.

We may deny your request to inspect and copy in certain very limited circumstances, lf you are denied access to medical information, you may request that the denial be reviewed. Another licensed health care professional chosen by this practice will review your request and the denial.

The person conducting the review will not be the person who denied your request. We will comply with the outcome of the review.

Right to Amend. lf you feel that medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept.

To request an amendment, your request must be made in writing and submitted to the Privacy Officer at this practice. ln addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request.

ln addition, we may deny your request if the information was not created by us, is not part of the medical information kept at this practice, is not part of the information which you would be permitted to inspect and copy, or which we deem to be accurate and complete. lf we deny your request for amendment, you have the right to file a statement ol disagreement with us.

We may prepare a rebuttal to your statement and get more info will provide you with a copy of any such rebuttal. Statements of disagreement and any corresponding rebuttals will
be kept on file and sent out with any future authorized requests for information pertaining to the appropriate portion of your record.

Right to an Accounting of Non-Standard Disclosures.

You have the right to request a list of the disclosures we made of medical information about you. To request this list, you must submit your request to the Privacy Officer at this practice.

Your request must state the time period for which you want to receive a list of disclosures that is no longer than six years, and may not include dates before April 14, 2003.Your request should indicate in what form you want the list
(example:on paper or electronically).The first list you request within a 12-month period will be free. For additional lists, we reserve the right to charge you for the cost of providing the list.

Right to a Paper Copy of This Notice.

You have the right to a paper copy of this Notice at any time. Even if you have
agreed to receive this notice electronically, you are still entitled to a paper copy. To obtain a paper copy of the current

Notice, please request one in writing from the Privacy Officer at this practice.
Changes To This Notice

We reserve the right to change this Notice. We reserve the right to make the revised or changed Notice effective for medical information we already have about you as well as any information we receive in the future.

We will post a copy of the current Notice, with the effective date in the upper right corner of the first page.

HIPAA Violations
HIPAA Violation Minimum Penalty Maximum Penalty
Unknowing $100 per violation, with an annual maximum of $25,000 for repeat violations (Note: maximum that can be imposed by State Attorneys General regardless of the type of violation) $50,000 per violation, with an annual maximum of $1.5 million
Reasonable Cause $1,000 per violation, with an annual maximum of $100,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million
Willful neglect but violation is corrected within the required time period $10,000 per violation, with an annual maximum of $250,000 for repeat violations $50,000 per violation, with an annual maximum of $1.5 million
Willful neglect and is not corrected within required time period $50,000 per violation, with an annual maximum of $1.5 million $50,000 per violation, with an annual maximum of $1.5 million